KDE Device Notifier mounts nouser filesystems

Paul Novak k9jenius at gmail.com
Thu Feb 12 09:59:40 PST 2015 

I'm trying to track down what I think is a bug that
can be seen using the KDE device notifier (although
according to the KDE folks, the problem in either in
udisk or polkit (either a bug or misconfiguration).

I'm just a user; I'm not a developer.

Before I write a bug report, I'm asking for confirmation
that what I'm seeing is in fact a bug and not expected/
desired behavior.

I have verified this issue running LiveDVDs of
Kubuntu, Mint, and PCLinuxOS.   I used LiveDVDs
to eliminate any possibility of the problem 
being related to my personal computer.

I have many partitions on my primary hard drive that
are not normally mounted.   One of them (for example) 
is LABEL-ed ROOT3 and I have an entry in /etc/fstab
that looks like this:

	LABEL=ROOT3	/mnt/ROOT3	ext4  noauto,nouser,ro 1 2

I don't want non-root users to be able to mount or unmount 
that partition, so I have set the "nouser" attribute.

In a (non-root) terminal, if I run

	mount /mnt/ROOT3

I will (correctly) get this error:

	mount: only root can mount LABEL=ROOT3 on /mnt/ROOT3

However, if I (non-root user) click on the KDE Device Notifier and 
configure it to look at all devices (not just removable), 
then find the ROOT3 partition, and then click on the "little belt"
icon to the right of the ROOT3, the Device Notifier does mount
the filesystem read-only.   Because the filestem is mounted 
read-only, I know the Device Notifier (or the tools it calls) 
is reading /etc/fstab.   But I also know that "nouser" is
apparently being ignored.

I filed a bug report again the KDE Device Notifier, but they closed
it saying the device notifier calls udisk with calls polkit when 
dealing with mounts, so the problem was either a bug or a
misconfiguration of polkit or udisk.

I don't want to write a needless bug report if in fact 
this is behavior is not a bug.  Could someone please 
let me know if this is expected behavior ("ro" is used, 
but "nouser" seems to be ignored)?   

Yesterday I posted a similar message to the polkit-devel
mailing list, but I haven't heard anything from anyone 
there.

Thanks.

Paul.

More information about the devkit-devel mailing list